risks and rewards of adding augmented reality to connected ... · pdf file1 as every business...

1

As every business becomes a digital business, technology advances like the Internet of Things (IoT) and augmented reality (AR) have the potential to add significant business value and make daily life more convenient and enriching. This year’s ISACA IT Risk/Reward Barometer shows that it is still early days for the adoption of AR, which ISACA defines as a technology that superimposes a computer-generated overlay on a user’s view of the real world. Yet IT professionals, and even more so consumers, are able to see the value in potential applications of AR-enhanced IoT devices. Naturally, they are also able to see potential risk – such as data privacy violations or the uniquely AR threat of a virtual graffiti attack. Like any technology with the potential to transform, organizations will want to understand what is possible and strike the right balance between mitigating risk and enabling improved business performance through the strategic use of emerging technologies.

RISKS AND REWARDS OF ADDING AUGMENTED REALITY TO CONNECTED DEVICESAS THE INTERNET OF THINGS

GETS REAL, BUSINESSES GET READY

ISACA 2016 IT RISK / REWARD BAROMETER

ISACA 2016 IT RISK / REWARD BAROMETER 2

THE GROWTH OF AUGMENTED REALITY Augmented reality dates back to the 1960s, but it was not until the summer of 2016 that this novel blend of physical and virtual reality was thrust into the spotlight via a smartphone game. Pokémon Go, a location-based augmented reality game for iOS, Android, and Apple Watch devices, was an instant hit. The game garnered extensive media coverage, especially when it crept into the workplace and the media reported on everyone from prime ministers to reporters and law enforcement officers who were spotted playing the game.

This popular use of AR also created a sub-industry among business-es that profited from being a “PokeStop” by selling products or ser-vices to game players or advertising related product features, such as smartphone with longer battery life.1 It was also an eye opener for businesses about how engaging augmented reality can be.

But it would be unfair to characterize AR as just a gaming feature. Industries such as the military, healthcare, automotive, education and retail are already using AR and its close relative, virtual reality (VR), to provide immersive experiences that transport people to new places and transform the way they see things.

This commercial use of AR is expected to keep growing and at a rapid pace. Goldman Sachs believes that AR and VR have the potential to become the next big computing platform. The firm’s conservative estimate is that the hard-ware and software market for these technologies will grow to US $80 billion by 2025.2

Recently a major IT analyst firm revealed its top 10 near-term predictions for technology. The #1 trend: 100 million consumers will shop in augmented reali-ty environments by 2020. Another trend speaks to the staying power of the Internet of Things: the firm predicts that the IoT will save con-sumers and businesses US $1 trillion a year by 2022.3

AUGMENTED REALITY REPRESENTS PART OF A NEW ERA FOR COMPUTING; FREEDOM FROM THE BOUNDS OF THE SCREEN. Companies working in this space are already boldly planning to replace the desktops of their staff, offering data and information in real-time to the eyes of workers. There’s a dystopian flipside – in a world where we rely heavily on mixed reality for navigation or other critical information, cyber security breaches represent an even greater danger.”

– Vijay Michalik, Research Analyst, Digital Transformation, Frost & Sullivan


BALANCING THE RISK AND REWARD OF AR AND IOTThe annual ISACA IT Risk/Reward Barometer polls thousands of business and technology professionals and consumers worldwide to uncover attitudes and behaviors about essential technologies and information, and the trade-offs people make to balance risk and reward. This year’s study focused on IoT devices in general and on those enhanced with AR.

This year’s study shows just how far the Internet of Things has come in terms of user adoption. Among the countries surveyed, a signif-icant majority of consumers reports owning at least one Internet of Things device. India tops the list at 85 percent, followed by Singa-pore (81 percent), Australia (77 percent), UK (73 percent) and lastly, US, which numbers more than 7 in 10 consumers (71 percent).

Smart TVs are the most commonly owned IoT device across all five countries, but the second and third most commonly owned devices show real variation:

WITH GREAT TECHNOLOGY COMES GREAT CONFUSIONYet rapid adoption of a new type of product – especially in the tech-nology arena -- does not come without its challenges. ISACA’s sur-vey data shows that as the Internet of Things phenomena spreads, it seems to be leaving a wake of confusion in its trail.

The 2016 Barometer consists of two survey audiences:

THE BUSINESS/IT PERSPECTIVE

6,591 ISACA MEMBERS FROM

140 COUNTRIES

THE CONSUMER PERSPECTIVE

5,231 CONSUMERS IN TOTAL ACROSS

5 COUNTRIES: US, UK, AUSTRALIA, INDIA AND SINGAPORE

AUSTRALIA INDIA SINGAPORE UK US

Smart TV (46%) Smart TV (51%) Smart TV (56%) Smart TV (43%) Smart TV (45%)

Connected car (29%)

Smart watch (38%)

Internet-connected camera (33%)


Wireless fitness tracker (26%)


Internet-con-nected camera (35%)

Employee access card with sensor (30%)

Connected car (18%), smart meter (18%)


TOP 3 INTERNET OF THINGS DEVICES OWNED BY CONSUMERS


With the exception of India, the other three markets surveyed in both 2015 and 2016 (i.e., Australia, UK, US) show a drop of 10 points or more in the number of people who feel very or somewhat knowledgeable about their ability to identify devices considered to be part of the Internet of Things. The greatest drop year-over-year was in Australia, where the number of confident “IoT spotters” de-creased from 81 percent to 68 percent.

Once an even newer technology is layered in, consumer confidence drops even further. When consumers were asked if they feel very or somewhat knowledgeable about identifying Internet of Things devic-es that have been enhanced with augmented reality, the percentages drop nearly 15 points or more:

Consumer familiarity with IoT devices and AR-enhanced IoT devices should matter to enterprises for two reasons: first, as the use of AR apps grows among enterprises, it will be important for organizations to understand how much employee education will be needed. Sec-ondly, employees may create a risk to an organization’s information security or corporate reputation if they use IoT devices or AR apps in risky ways at work.

AR MAKES ITS WAY INTO THE WORKPLACEAmong ISACA members surveyed in the countries corresponding to the consumer survey -- Oceania (Australia and New Zealand), India, Singapore, UK and US -- the most common use of AR for business purposes over the past year is remote business applications, such as remote diagnostics or remote healthcare (17 percent in India, 17 percent in US, 16 percent in UK, 15 percent in Singapore and 9 per-cent in Oceania).

Among those who have not used AR for business in the past year, a small percent is planning to do so in 2017: 17 percent in India, 10 percent in Oceania, 9 percent in Singapore, and 6 percent in both UK and US).

India DROPS FROM 94%

(IoT devices) TO 80% (AR-enhanced IoT devices)

US DROPS FROM

73% TO 43%

UK DROPS FROM

66% TO 39%

Australia DROPS FROM

68% TO 36%

Among Singapore consumers, surveyed for the first time this year, 78% ARE CONFIDENT ABOUT

IDENTIFYING IOT DEVICES in general and 56% FEEL SIMILARLY ABOUT

THOSE ENHANCED WITH AR.


The top barriers to adoption ranged by country/region. The respons-es show that many are unsure of the possible barriers, which aligns with currently low rates of implementation and thus a lack of firsthand knowledge of obstacles:

THE REWARDS OF AR IN DAILY LIFEThe IT Risk/Reward Barometer shows that a large majority of con-sumers in all five countries/regions see value in the range of poten-tial applications of AR that was presented. Four of the five countries rate the following as the top three ways that AR-enhanced IoT can improve their quality of life:

UK is the exception: retail geolocation does not make the top three; training guides are bumped to second place behind healthcare geo-location, and home decoration (e.g., projection of décor to help you

plan out room design) is ranked third.

UK 18% INSUFFICIENT ROI

14% SECURITY CONCERNS 12%

INSUFFICIENT BUDGET

US 18% INSUFFICIENT ROI

18% SECURITY CONCERNS

13% INSUFFICIENT BUDGET

TRAINING GUIDES (e.g., step-by-step graphical overlays helping you to learn a new skill for personal or professional development)

RETAIL GEOLOCATION (e.g., GPS device that efficiently guides you to the items on your shopping list within a store)

HEALTHCARE GEOLOCATION (e.g., GPS app that identifies where an AED/defibrillator device is avail-able in the immediate vicinity)

Oceania 23% INSUFFICIENT ROI

17% LACK OF SKILLS/KNOWLEDGE

FROM EXISTING STAFF

9% SECURITY CONCERNS

India 20% SECURITY CONCERNS


FROM EXISTING STAFF

16% INSUFFICIENT BUDGET

Singapore 25% SECURITY CONCERNS


FROM EXISTING STAFF

13% INSUFFICIENT ROI


CONSUMERS ALSO SEE CLEAR VALUE IN AR APPLICATIONS AT WORK

CONSUMER PERSPECTIVE - TOP FOUR BENEFITS OF AR AT WORK (Definitely feel that AR enhancements in their workplace would likely help increase...)

BUSINESS/IT PERSPECTIVE - TOP FOUR BENEFITS OF AR AT WORK (Completely or somewhat agree that AR could lead to the following workplace benefits)

BETTER MARKETING

USUKSINGAPOREINDIAAUSTRALIA

61%

69%

68%

72%

62%

70%

76%

72%

0 10 20 30 40 50 60 70 80 90 100

65%

66%

74%

69%

72%

73%

81%

78%

85%

89%

86%

86%

INCREASED EFFICIENCY

NEW BUSINESS MODELS/OFFERINGS

BETTER COLLABORATION

INCREASED VISIBILITY WITH CLIENTS

USUKSINGAPOREINDIAAUSTRALIA

17%

19%

20%

24%

13%

17%

18%

22%

0 10 20 30 40 50 60

11%

16%

16%

19%

19%

23%

24%

25%

55%

54%

56%

54%

MORE ENGAGED TRAINING

LEADER/STAFF COMMUNICATIONS

REMOTE LEARNING & DEVLOPMENT


THE POTENTIAL RISKS: DATA BREACHES AND VIRTUAL GRAFFITIUser distraction is an obvious potential downside of augmented reality – for example, a car windshield cluttered with too many items is probably going to get in the way of safe driving. For popular AR games, there is also the risk of criminals – such as the news reports about robbers who used Pokémon Go to lure players to remote spots and then rob them.

A more common threat is hackers, a concern shared by both con-sumers and IT professionals alike:

· Many consumers are very or somewhat concerned that Inter-net of Things devices enhanced with augmented reality may make their devices more vulnerable to a privacy breach (91 percent in India, 89 percent in Singapore, 77 percent in Aus-tralia and US, and 76 percent in UK)

· 8 in 10 or more of IT professionals across the five countries/regions believe that organizations should be concerned about the privacy risks of augmented reality.

A risk that is specific to augmented reality is a virtual graffiti attack – the use of AR-enhanced Internet of Things devices to virtually deface build-ings, landmarks, signage or other workplace surfaces with negative, unauthorized imagery, and then share with others.

Yet there is an even bigger risk -- AR vir-tual graffiti apps can also collect infor-mation from social media and sites such as Glassdoor, so companies need to be aware of this and monitor both those apps and social media.

The risk is a corporate reputational one, and few organizations appear to be ready to detect and manage it quickly:

· Over half of consumers feel that their workplace is very or some-what vulnerable to these attacks (56 percent in US, 55 percent in Australia, 54 percent in UK, 74 percent in Singapore, and 78 percent in India)

ENTERPRISES NEED TO WORK ON BEING AGILE AND APPLYING SOUND MEASURES around governance, security and risk management to fully realize the benefits of technology advances like augmented reality.”

– Christos Dimitriadis, Ph.D. CISA, CISM, CRISC, chair of ISACA’s Board of Directors and group director of Information Security for INTRALOT.


· At this point, very few organizations have a program in place to monitor negative comments left via virtual graffiti apps (11 percent in India, 9 percent in Singapore, 7 percent in US, 6 percent in Oceania, and 3 percent in UK)

Organizations are better prepared for detecting content that shows up in an AR app through aggregation – i.e., publicly posted social media posts, pictures or videos that that are geotagged to the organization or tagged to its signage or ads. The US leads in this with 1 in 3 orga-nizations saying they have this ability, followed by more than 1 in 4 in UK, 1 in 4 in India and Singapore, and 1 in 5 in Oceania.

This gap between the risk and the preparedness of enterprises to detect and manage it is not surprising -- this technology is very new. Pokémon Go, for example, caught many organizations off guard, and it took some time for organizations to figure out how to leverage the opportunity. We expect to see these numbers increase signifi-cantly in the next year. In addition, most organizations still associate AR and VR with putting on 3D glasses. While that is certainly one aspect of it, the ability for people to use their smartphone as a view-finder has caught some organizations off guard.

IMPLICATIONS FOR BUSINESS AND ITOrganizations and their IT departments need to adapt their strate-gies to account for the risk and reward represented by the Internet of Things and by commercial use of augmented reality. ISACA experts offer the following recommendations.

EXTEND SOCIAL MEDIA MONITORING TO AR PLATFORMS: Since much of the AR risk is closely related to social media, leverage and extend current social media policies and monitoring to augmented reality platforms, such as Layar and Wikitude SDK.

START LOOKING AT HOW AR CAN IMPROVE YOUR BUSINESS. Training and diagnostics are two key ways—imagine being able to have a wealth of additional information layered on to the doctor’s screen, for example. Begin to think about how it can be used safely for marketing and other means to drive business for the organization.

REVIEW YOUR GOVERNANCE FRAMEWORK AND UPDATE YOUR POLICIES. There are two aspects to AR: the aspect of bringing your own


With the proliferation of IoT-enabled devices and the drive to provide enhanced user experiences,

IOT AND AR HAVE THE POWER TO BECOME A SOURCE OF UNPRECEDENTED VALUE AND OPPORTUNITY. Individuals and enterprises should focus on rapidly getting up to speed on these technologies while learning how to manage risk so they do not compromise their company’s ability to innovate.”

– Rob Clyde, CISM, Board Director of ISACA and executive advisor at BullGuard

device (e.g., playing Pokémon Go in the workplace, which is an example of BYOAR/VR. Sec-ondly, what is your organization’s policy for use of AR as part of the business?

CONSIDER THE PRIVACY ANGLE. What will the privacy policy be re-lated to these new technologies?

BUILD SECURITY IN TO EVERY STAGE. Security is a crucial component of AR initiatives to ensure you can have confidence in the data.


RELATED RESOURCES

For full survey results, including related infographics, visit www.isaca.org/risk-reward-barometer.

ABOUT ISACA’S 2016 IT RISK/REWARD BAROMETER

The annual IT Risk/Reward Barometer is a global indicator of trust in information. Con-ducted by ISACA, a global association of more than 140,000 IT security, assurance, risk and governance professionals, the Barometer polls thousands of business and IT professionals and consumers worldwide to uncover attitudes and behaviors about essential technologies and information, and the trade-offs people make to balance risk and reward. The study is based on online polling of 6,591 ISACA members among 140 countries from 19-29 September 2016. Additional online surveys were fielded by M/A/R/C Research among 1,230 consumers in the US, 1,000 consumers in the UK, 1,000 consumers in Australia, 1,001 consumers in India and 1,000 consumers in Singapore. The US survey ran 6-8 August 2016, and the UK, Australia, India and Singapore sur-veys ran 12-23 August 2016. At a 95 percent confidence level, the margin of error for each individual country sample is +/- 3.1 percent.

ABOUT ISACA

ISACA (www.isaca.org) helps global professionals lead, adapt and assure trust in an evolving digital world by offering innovative and world-class knowledge, standards, networking, credentialing and career development. Established in 1969, ISACA is a global nonprofit association of 140,000 professionals in 180 countries. ISACA also offers the Cybersecurity Nexus (CSX), a holistic cybersecurity resource, and COBIT, a business framework to govern enterprise technology.

Twitter: https://twitter.com/ISACANews

LinkedIn: ISACA (Official) https://www.linkedin.com/company/isaca

Facebook: www.facebook.com/ISACAHQ

(Endnotes)

1 Businesses Are Already Profiting from Pokemon Go. 20 July 2016, VentureBeat. Retrieved 21 October 2016.

2 “Virtual & Augmented Reality: Understanding the Race for the Next Computing Platform,” 13 January 2016, Gold-man Sachs. Retrieved 21 October 2016.

3 Gartner’s top 10 near-term predictions for tech. 21 October 2016, Computerworld. Retrieved 21 October 2016.

risks and rewards of adding augmented reality to connected ... · pdf file1 as every business...

Documents